Most breaches affecting the insurance industry come about through third-party attacks, with third-party software and IT behind half of them, according to new research.
More than a quarter of companies reported breaches last year, SecurityScorecard found, higher than the S&P 500 average and twice as many as the US energy industry.
Notably, third-party attack vectors were behind 59% of these incidents, the highest proportion companies operating in the industry have seen so far and double the global cross-industry average.
More than half the companies had at least one compromised credential in the past two years, and 17% had malware infections and device compromises.
“Insurance companies’ reliance on technology to manage daily operations has outpaced their ability to secure it,” said Andrew Correll, SecurityScorecard’s senior director of cyber insurability.
“Cyber risks don’t stop at the first layer of defense — they extend deep into the supply chain, where vulnerabilities are harder to detect and even harder to mitigate. Addressing these risks requires a shift in how the industry prioritizes third-party security.”
In terms of overall security posture, the top cyber risk factor…
